Contact tracing: The privacy vs protection debate

The Covid-19 pandemic has necessitated extreme measures not seen in peacetime for over 100 years. Contact-tracing apps are being developed as a tool for managing the pandemic, but are they a step too far?

It would be fair to say that the Covid-19 coronavirus pandemic has witnessed the greatest shift in society this century, with most nations currently in varying states of lockdown. Covid-19 first appeared in China in December 2019; the UK’s first case was recorded a month later.

The UK went into lockdown on 23 March, and this is still ongoing at the time of writing. The legal basis for the lockdown, the Coronavirus Act 2020, was introduced on 19 March and passed all remaining stages of consideration in the House of Commons on 23 March. It passed without a vote, before passing through the House of Lords and gaining royal assent two days later.

“Through this bill, we are implementing at least a dystopian society. Some will call it totalitarian, which is not quite fair, but it is at least dystopian. The bill implements a command society under the imperative of saving hundreds of thousands of lives and millions of jobs, and it is worth doing,” commented MP Steve Baker during the reading of the bill.

“This is the right thing to do but, my goodness, we ought not to allow this situation to endure one moment longer than is absolutely necessary.”

While the Covid-19 infection rate has dropped since the lockdown came into effect, there are concerns that a second wave of infections could occur if lockdown and social distancing measures are lifted too early. However, there are also concerns that a prolonged, economically damaging lockdown could be just as harmful.

It states: “If they try to keep their economies open for business, then there will be significant loss of life as health systems are overwhelmed. Alternatively, if they impose strict lockdowns to suppress the spread of the virus, then the resulting economic damage – counted in both statistical lives and jobs and prosperity – may ultimately be worse than the disease itself.”

Contact tracing: the story so far

Google and Apple are releasing an application programming interface (API) that will enable Bluetooth technology to be used as a tool for contact tracing. This API will allow interoperability between Android and iOS devices for apps from public health authorities. In the coming months, this functionality will be built into these platforms to offer a more robust solution than the initial API.

“We have been notified by Google and Apple regarding their work to support contact-tracing initiatives. During these unprecedented times, data protection law can work flexibly to protect lives and data,” said a spokesperson for the Information Commissioner’s Office (ICO).

“We will be reviewing the technical details and engaging with Google and Apple as their work continues, to ensure privacy issues are considered, while also taking into account the compelling public interest in the current emergency.”

NHSX has been developing a contact-tracing app. This is intended to form part of the government’s response to lifting the quarantine measures. Contact tracing is intended to act as a reporting mechanism, warning smartphone owners if they have come into contact with someone who has started displaying symptoms of Covid-19, or with someone who has tested positive for the virus.

The UK’s contact-tracing app will use a different model to the method proposed by Apple and Google, despite concerns raised about privacy and performance about the NHSX app.

How it works

There are several methods by which contact-tracing apps could collect contact data and track users’ movements, including:

For contact tracing to be successful in the UK, at least half of all smartphone users will need to install the app. If this is not achieved, as with Singapore’s TraceTogether app (which was downloaded by less than 20% of the population), there would be insufficient data gathered for it to be effective.

What we have learned from other use cases of contact tracing is that they can play a valuable role in easing restrictions, but by themselves are insufficient

A further challenge, just as with Singapore, is that a fifth of the UK population do not own a smartphone, including half the population over 50. Unfortunately, it is this demographic who are most at risk, and therefore in greatest need of contact tracing.

What we have learned from other use cases of contact tracing is that they can play a valuable role in easing restrictions, but by themselves are insufficient.

There are broadly two methodologies by which contact-tracing apps determine who has potentially been exposed to Covid-19:

Centralised – proximity contacts are uploaded to a central server, which then notifies people who have been exposed to the virus.

Decentralised – the server notifies all devices of contact IDs that potentially carry the virus, and the device determines if the device owner has been in contact within the time period. This is the method used by the Apple and Google API.

Once the app has been informed that a device owner is displaying symptoms of Covid-19, those who have been in contact with that person will receive an amber warning and told to self-isolate. If device owner then tests positive for Covid-19, a red warning will be sent.

The decentralised model is more secure, due to contact tracing being performed on the device. However, it is also harder to update the multiple versions of the app, due to platform differences. Furthermore, using the centralised model offers the NHS an invaluable pool of data for research and logistic planning.

Challenges

Although contact tracing is sound in theory, each method carries challenges that need to be overcome.

GPS struggles when devices are inside buildings and it cannot discern changes in elevation.

Using mobile phone towers for tracking purposes is insufficiently precise to determine an accurate location, but could be used to confirm that people are observing lockdown measures. This method also cannot detect who an individual comes into contact with.

Conversely, while Bluetooth can record which devices a user comes into contact with, it is not intended to passively operate in the background for long periods. It can also drain the battery and is subject to interference with other Bluetooth and location-tracking apps.

The impact of the number of false positives in suspected cases of Covid-19 will need to be considered. After a series of false positives, some people may be disinclined to continue following the warnings.

This will be compounded when using Bluetooth to determine when people have been in close proximity to each other in buildings but separated by walls and floors. These barriers will block the transmission of the virus, but not Bluetooth signals.

Data privacy

One of the key concerns, especially with the centralised methodology, is that the server will contain all the location and connections data of everyone using the app. While this data would be valuable to the NHS, it could be exploited by malicious actors and stalkers.

It could be argued that this data would be anonymised and encrypted, but these are not sufficiently foolproof measures for protecting such personal data, which would be held in a centralised location and could be accessed remotely.

There is also the likelihood of spoofed versions of contact-tracing apps being distributed. These could install spyware or malware on a subject’s phone, as well as reducing the number of users for the official apps. Engagement with Apple and Google may mitigate this, but will not eliminate the problem.

Given our current understanding of Covid-19, infection can occur up to two weeks prior to a person becoming symptomatic. Contact data would therefore need to be deleted after the recommended period.

Mission creep

One of the primary concerns around contact tracing is how the information generated by such apps could be used by other agencies. While the current pandemic makes personal tracking apps a necessity, such apps – which would record where we go and who we speak to – would never be acceptable in normal times.

From a legislative perspective, rather than attempting to justify the increased surveillance required for contact tracing through existing legislation, such as the Data Protection Act 2018 and the Investigatory Powers Act 2016, this has been granted through the emergency public health powers of the Coronavirus Act.

Just as the Coronavirus Act needs to be reviewed, so too should the contact-tracing app automatically be deleted once the pandemic has passed. This should include all contact and location data

Trials of the NHSX app are now getting underway using use Bluetooth LE for detecting potential contacts and the contact tracing performed using a centralised server.

Just as the Coronavirus Act needs to be reviewed, so too should the contact-tracing app automatically be deleted once the pandemic has passed. This should include all contact and location data.

Contact-tracing development needs to be conducted transparently and as open source for external oversight. Doing so should reassure the population that data would be collected responsibly and securely stored. Building the app with a privacy-first methodology will also go some way to reassure people that their data is being respected and protected. Combined, this should persuade a sufficient proportion of the population to use the app.

However, this would not address the fact that the most vulnerable members of the population, who would benefit most from contact tracing, are also least likely to own a smart phone.

Ultimately, we are living in extreme times, which unfortunately require extreme measures. Under normal situations, such invasive contact tracing would be untenable, but a temporary increase in surveillance is a small price to pay for preserving our health and livelihoods.

Read more about contact-tracing apps

UK scientific experts address doubts over contact-tracing app’s effectiveness, particular regarding data privacy, but admit that its nature may have to evolve as the roll-out scales up.

Join the conversation

1 comment

Register

I agree to TechTarget’s Terms of Use, Privacy Policy, and the transfer of my information to the United States for processing to provide me with relevant information as described in our Privacy Policy.

Please check the box if you want to proceed.

I agree to my information being processed by TechTarget and its Partners to contact me via phone, email, or other means regarding information relevant to my professional interests. I may unsubscribe at any time.

Your password has been sent to:

Please create a username to comment.

As a veteran of the campaign against the national Identity register - which was so ill-conceived that it would have become one of the most common threat vectors in personal and financial data security breaches had it been implemented - I would be quite opposed to an app that uploaded sensitive personal information to a centralised government database. But I would tolerate during in an emergency an app that operated in a peer-to-peer decentralised way.

The sad truth is, assaults on essential freedoms never happen in a vacuum. They happen during a time of tumult and threat, when people are most frightened and vulnerable to being manipulated. No tyrant ever seized control when everything was bumbling along pleasantly. This is the time to be most vigilant.